Security

Last updated: August 25, 2020

At Binary Brotherhood, security is our top priority. We have implemented, and continuously run, a process to check and improve our current security measures so that the data of our customers and consultants stays secure. Here are some of the security measures we have taken, and keep improving, to protect and defend the Binary Brotherhood platform.

Encrypting Data in Transit

All HTTP traffic to Binary Brotherhood runs over an SSL-encrypted connection, and we only accept traffic on port 443. The status of our SSL configuration can be found here. We use the Strict-Transport-Security header (HSTS) with the preload option, guaranteeing that requests are never made over a non-encrypted connection.
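To make the HSTS claim above concrete, here is an added example (not Binary Brotherhood's code) that builds a Strict-Transport-Security header value and checks it against the requirements the hstspreload.org submission form enforces: a max-age of at least one year (31536000 seconds), the includeSubDomains directive, and the preload directive. The header values it checks are constructed for the example; the function names are ours.

```python
"""Build and validate a Strict-Transport-Security (HSTS) header value.

Added example, not the platform's own code. The three preload requirements
checked here are the ones published by hstspreload.org; the sample header
strings passed to preload_issues() are constructed for illustration.
"""

ONE_YEAR_SECONDS = 31_536_000  # minimum max-age accepted by the preload list


def build_hsts(max_age: int = ONE_YEAR_SECONDS,
               include_subdomains: bool = True,
               preload: bool = True) -> str:
    """Return the header value a server should send on every HTTPS response."""
    parts = [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)


def parse_hsts(value: str) -> dict:
    """Split a header value into lower-cased directive names and their values.

    Directive names are case-insensitive per RFC 6797, so they are normalised
    to lower case; a directive without '=' maps to an empty string.
    """
    directives = {}
    for raw in value.split(";"):
        item = raw.strip()
        if not item:
            continue
        name, _, val = item.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def preload_issues(value: str) -> list:
    """Return a list of reasons the header would be rejected for preloading.

    An empty list means the header satisfies all three preload requirements.
    """
    directives = parse_hsts(value)
    issues = []
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        issues.append("missing or non-numeric max-age")
    elif int(max_age) < ONE_YEAR_SECONDS:
        issues.append(
            f"max-age {max_age} is below the one-year minimum ({ONE_YEAR_SECONDS})"
        )
    if "includesubdomains" not in directives:
        issues.append("missing includeSubDomains")
    if "preload" not in directives:
        issues.append("missing preload")
    return issues


if __name__ == "__main__":
    # Constructed sample values: a compliant header and a weak one.
    for header in (build_hsts(), "max-age=300"):
        print(repr(header), "->", preload_issues(header) or "preload-ready")
```

Once a domain is on the preload list, browsers refuse plain-HTTP connections to it before any request is sent, so the check is worth running in CI against the deployed response headers rather than only once at submission time.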

Hosting and Database Storage

Binary Brotherhood is hosted on Google Cloud and Netlify and managed within Google and Netlify data centers, which leverage these companies' secure technology.

Encrypting Data at Rest, Database

All of Binary Brotherhood's data at rest, and the associated keys, are encrypted using the industry-standard AES-256 algorithm. Only once an authorized user is granted access to their data is that subset of data decrypted. For further details on encryption at rest, please see Encryption at Rest in Google Cloud Platform.

Encrypting Data at Rest, Files

Static files, such as images and other documents, are persisted using Google, Digital Ocean, or Netlify storage. All static files are encrypted before they are stored, so they are encrypted while at rest.

GCP Security Practices

Google Cloud Platform and Google infrastructure are certified for a growing number of compliance standards and controls and undergo several independent third-party audits that test for data safety, privacy, and security. Read more about the specific certifications on the GCP compliance page.

More information about GCP security can be found at Google Security Overview.

Password Policy and Storage

During account creation and password updates, Binary Brotherhood requires a strong password of 15 characters or more that contains numbers as well as lower- and uppercase letters. We do not store user passwords: we only store one-way password hashes computed with the open-source, audited bcrypt algorithm.
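The following added example (not Binary Brotherhood's code) shows what the policy above looks like as enforcement logic: a validator for the 15-character, digit, lowercase and uppercase requirements, plus salted one-way hashing and constant-time verification. The page names bcrypt; because bcrypt is a third-party package in Python, the hashing step here substitutes the standard library's PBKDF2-HMAC-SHA256 so the block runs without extra dependencies. The stored-record layout and the function names are our own assumptions.

```python
"""Password policy check and salted one-way password storage.

Added example, not the platform's own code. The policy mirrors the stated
rules (15+ characters, a digit, a lowercase and an uppercase letter). bcrypt,
which the page names, is swapped for hashlib's PBKDF2-HMAC-SHA256 so that the
example needs nothing outside the standard library; the record format
"pbkdf2_sha256$<iterations>$<salt>$<hash>" is an assumption of this example.
"""
import base64
import hashlib
import hmac
import os

MIN_LENGTH = 15
# Work factor for PBKDF2-HMAC-SHA256 in line with the OWASP Password Storage
# Cheat Sheet guidance (600,000 iterations); tests pass a smaller value.
DEFAULT_ITERATIONS = 600_000
ALGORITHM = "pbkdf2_sha256"


def password_policy_violations(password: str) -> list:
    """Return every rule the candidate password breaks (empty list = accepted)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"at least {MIN_LENGTH} characters required")
    if not any(c.isdigit() for c in password):
        violations.append("at least one digit required")
    if not any(c.islower() for c in password):
        violations.append("at least one lowercase letter required")
    if not any(c.isupper() for c in password):
        violations.append("at least one uppercase letter required")
    return violations


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: bytes = None) -> str:
    """Derive a one-way hash with a fresh random salt and return a storable record.

    Only this record is stored; the plaintext password is never persisted.
    """
    if salt is None:
        salt = os.urandom(16)  # per-user salt defeats precomputed hash tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record: treat as a failed login, never as success
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    # compare_digest avoids leaking where the two digests first differ
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample credentials for the demonstration.
    for candidate in ("CorrectHorseBattery9", "short1A", "alllowercaseletters"):
        print(repr(candidate), "->", password_policy_violations(candidate) or "accepted")
    record = hash_password("CorrectHorseBattery9")
    print("stored record:", record)
    print("correct password verifies:", verify_password("CorrectHorseBattery9", record))
    print("wrong password verifies:", verify_password("CorrectHorseBattery8", record))
```

Storing the iteration count inside the record lets the work factor be raised later for new or re-hashed passwords without invalidating older records, which is the same reason bcrypt embeds its cost parameter in its output string.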

To further protect account access, two-factor authentication is available to all Binary Brotherhood users through either Google Authenticator or Authy, and can be turned on in the account security settings.

Whenever an email change, password change, or similar sensitive account change occurs, the user is always notified so that they can respond quickly should an attack on the account be underway.

Organization

We require all employees to use strong, unique passwords for Binary Brotherhood accounts, and to set up two-factor authentication on every device and service where it is available. All Binary Brotherhood employees are required to use a recognized password manager such as Bitwarden or 1Password to generate and store strong passwords, and are also required to encrypt local hard drives and enable screen locking for device security. All access to application admin functionality is restricted to a subset of Binary Brotherhood staff and further restricted by IP address and other security measures.

Monitoring and Notifications

Binary Brotherhood uses several services to automatically monitor uptime and site availability. Key employees receive automatic email and SMS notifications in the case of downtime or emergencies.

Vulnerability Disclosure

security[at]binarybrotherhood.io

Emergency

In the unlikely event of a security breach, we have procedures in place to respond, including restricting access to the web application, a platform-wide password reset, and similar measures.